10-23-2022 11:30 AM
Hi guys, I'm a newbie.
Please give me some insight; I have some questions to be cleared up:
1. I've been wondering why the route to my loopback address is only advertised through 10.200.0.2?
2. Why are the P2P IPs for BGP not advertised (103.158.98.146, 103.158.98.150, 114.5.179.150, 124.195.39.226)?
The device is a Cisco ASR1001-X.
Here's my configuration and BGP summary for reference:
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname Border-ITB-AJW
!
boot-start-marker
boot system flash bootflash:asr1001x-universalk9.16.06.06.SPA.bin
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable secret 5 $1$7/tf$G//FeVJL5XOi6ZGjA4pse0
!
aaa new-model
!
!
aaa group server tacacs+ tacgroup
server 167.205.23.19
server 167.205.23.29
!
aaa authentication login default local
aaa authentication login tac-itb group tacgroup local
aaa authentication enable default group tacacs+ none
aaa authorization commands 1 default group tacacs+ none
aaa authorization commands 1 tac-itb group tacgroup local
aaa authorization commands 15 default group tacacs+ none
aaa authorization commands 15 tac-itb group tacgroup local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 1 tac-itb stop-only group tacgroup
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting commands 15 tac-itb stop-only group tacgroup
!
!
aaa attribute list local
!
!
!
!
!
aaa session-id common
!
!
!
!
!
!
!
no ip domain lookup
ip domain name border-router.itb
ip dhcp excluded-address 10.200.18.1 10.200.18.10
ip dhcp excluded-address 10.200.10.1 10.200.10.10
ip dhcp excluded-address 10.200.11.1 10.200.11.10
ip dhcp excluded-address 10.200.12.1 10.200.12.10
ip dhcp excluded-address 10.200.13.1 10.200.13.10
ip dhcp excluded-address 10.200.14.1 10.200.14.10
ip dhcp excluded-address 10.200.15.1 10.200.15.10
ip dhcp excluded-address 10.200.16.1 10.200.16.10
ip dhcp excluded-address 10.200.17.1 10.200.17.10
ip dhcp excluded-address 10.200.19.1 10.200.19.10
ip dhcp excluded-address 10.200.20.1 10.200.20.10
ip dhcp excluded-address 10.200.21.1 10.200.21.10
ip dhcp excluded-address 10.200.22.1 10.200.22.10
ip dhcp excluded-address 10.200.23.1 10.200.23.10
ip dhcp excluded-address 10.200.24.1 10.200.24.10
ip dhcp excluded-address 10.200.25.1 10.200.25.10
ip dhcp excluded-address 10.200.26.1 10.200.26.10
ip dhcp excluded-address 10.200.27.1 10.200.27.10
ip dhcp excluded-address 10.200.28.1 10.200.28.10
ip dhcp excluded-address 10.200.29.1 10.200.29.10
ip dhcp excluded-address 10.200.30.1 10.200.30.10
ip dhcp excluded-address 10.200.31.1 10.200.31.10
ip dhcp excluded-address 10.200.48.1 10.200.48.10
ip dhcp excluded-address 10.200.32.1 10.200.32.10
ip dhcp excluded-address 10.200.56.1 10.200.56.10
ip dhcp excluded-address 10.200.40.1 10.200.40.10
!
ip dhcp pool GedungA-Dosen
network 10.200.18.0 255.255.255.0
default-router 10.200.18.1
dns-server 167.205.22.123 167.205.23.1
!
ip dhcp pool GedungA-Lt1
network 10.200.10.0 255.255.255.0
default-router 10.200.10.1
dns-server 167.205.22.123 167.205.23.1
!
ip dhcp pool GedungA-Lt2
network 10.200.11.0 255.255.255.0
default-router 10.200.11.1
dns-server 167.205.22.123 167.205.23.1
!
ip dhcp pool GedungA-Lt3
network 10.200.12.0 255.255.255.0
default-router 10.200.12.1
dns-server 167.205.22.123 167.205.23.1
!
ip dhcp pool GedungA-HotspotITB
network 10.200.48.0 255.255.252.0
dns-server 167.205.22.123 167.205.23.1
default-router 10.200.48.1
!
ip dhcp pool Gedung-Eduroam
network 10.200.32.0 255.255.252.0
dns-server 167.205.22.123 167.205.23.1
default-router 10.200.32.1
!
ip dhcp pool GedungA-VOIP
network 10.200.15.0 255.255.255.0
default-router 10.200.15.1
dns-server 167.205.22.123 167.205.23.1
!
ip dhcp pool GedungA-Camera
network 10.200.16.0 255.255.255.0
default-router 10.200.16.1
dns-server 167.205.22.123 167.205.23.1
!
ip dhcp pool GedungA-Manajemen-Switch
network 10.200.17.0 255.255.255.0
default-router 10.200.17.1
dns-server 167.205.22.123 167.205.23.1
!
ip dhcp pool GedungA-Staff
network 10.200.19.0 255.255.255.0
default-router 10.200.19.1
dns-server 167.205.22.123 167.205.23.1
!
ip dhcp pool GedungA-Pimpinan
network 10.200.20.0 255.255.255.0
default-router 10.200.20.1
dns-server 167.205.22.123 167.205.23.1
!
ip dhcp pool GedungB-Lt1
network 10.200.21.0 255.255.255.0
default-router 10.200.21.1
dns-server 167.205.22.123 167.205.23.1
!
ip dhcp pool GedungB-Lt2
network 10.200.22.0 255.255.255.0
default-router 10.200.22.1
dns-server 167.205.22.123 167.205.23.1
!
ip dhcp pool GedungB-Lt3
network 10.200.23.0 255.255.255.0
default-router 10.200.23.1
dns-server 167.205.22.123 167.205.23.1
!
ip dhcp pool GedungB-HotspotITB
network 10.200.56.0 255.255.252.0
dns-server 167.205.22.123 167.205.23.1
default-router 10.200.56.1
!
ip dhcp pool GedungB-VOIP
network 10.200.25.0 255.255.255.0
default-router 10.200.25.1
dns-server 167.205.22.123 167.205.23.1
!
ip dhcp pool GedungB-Camera
network 10.200.26.0 255.255.255.0
default-router 10.200.26.1
dns-server 167.205.22.123 167.205.23.1
!
ip dhcp pool GedungB-Manajemen-Switch
network 10.200.27.0 255.255.255.0
default-router 10.200.27.1
dns-server 167.205.22.123 167.205.23.1
!
ip dhcp pool GedungB-Dosen
network 10.200.28.0 255.255.255.0
default-router 10.200.28.1
dns-server 167.205.22.123 167.205.23.1
!
ip dhcp pool GedungB-Staff
network 10.200.29.0 255.255.255.0
default-router 10.200.29.1
dns-server 167.205.22.123 167.205.23.1
!
ip dhcp pool GedungB-Pimpinan
network 10.200.30.0 255.255.255.0
default-router 10.200.30.1
dns-server 167.205.22.123 167.205.23.1
!
ip dhcp pool GedungB-Eduroam
network 10.200.40.0 255.255.252.0
dns-server 167.205.22.123 167.205.23.1
default-router 10.200.40.1
!
!
!
!
!
!
!
!
!
!
subscriber templating
no vlan accounting output
!
!
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-1759385929
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1759385929
revocation-check none
rsakeypair TP-self-signed-1759385929
!
!
crypto pki certificate chain TP-self-signed-1759385929
certificate self-signed 01
quit
!
!
license udi pid ASR1001-X sn JAE220701GE
license accept end user agreement
spanning-tree extend system-id
diagnostic bootup level minimal
!
!
!
!
redundancy
mode none
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback1
ip address 198.51.101.0 255.255.255.255
!
interface TenGigabitEthernet0/0/0
no ip address
!
interface TenGigabitEthernet0/0/1
no ip address
!
interface GigabitEthernet0/0/0
description FO-INDOSAT
no ip address
negotiation auto
!
interface GigabitEthernet0/0/0.123
description INP-FO-ISAT
encapsulation dot1Q 123
ip address 114.5.179.150 255.255.255.252
!
interface GigabitEthernet0/0/0.155
description INIX-FO-ISAT
encapsulation dot1Q 155
ip address 124.195.39.226 255.255.254.0
!
interface GigabitEthernet0/0/1
description RADIO-RADMILLA
no ip address
negotiation auto
!
interface GigabitEthernet0/0/1.144
description INIX-RADIO-RADMILLA
encapsulation dot1Q 144
ip address 103.158.98.150 255.255.255.252
!
interface GigabitEthernet0/0/1.155
encapsulation dot1Q 155
!
interface GigabitEthernet0/0/1.321
description INP-RADIO-RADMILLA
encapsulation dot1Q 321
ip address 103.158.98.146 255.255.255.252
!
interface GigabitEthernet0/0/2
description TO-FIREWALL
ip address 10.200.0.1 255.255.255.252
negotiation auto
!
interface GigabitEthernet0/0/3
no ip address
negotiation auto
!
interface GigabitEthernet0/0/4
no ip address
negotiation auto
!
interface GigabitEthernet0/0/5
no ip address
negotiation auto
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
negotiation auto
!
router bgp 149176
bgp log-neighbor-changes
neighbor 103.158.98.145 remote-as 141125
neighbor 103.158.98.149 remote-as 141125
neighbor 114.5.179.149 remote-as 4761
neighbor 124.195.38.1 remote-as 17922
neighbor 124.195.39.1 remote-as 17922
!
address-family ipv4
network 103.158.98.144 mask 255.255.255.252
network 103.158.98.148 mask 255.255.255.252
network 114.5.179.148 mask 255.255.255.252
network 124.195.38.0 mask 255.255.254.0
network 198.51.101.0
redistribute static
neighbor 103.158.98.145 activate
neighbor 103.158.98.145 soft-reconfiguration inbound
neighbor 103.158.98.145 route-map RADM-INIX-TO-ITB-AJW in
neighbor 103.158.98.145 route-map RADM-INIX-PREPEND-ITB-AJW-OUT out
neighbor 103.158.98.149 activate
neighbor 103.158.98.149 soft-reconfiguration inbound
neighbor 103.158.98.149 route-map RADM-INP-TO-ITB-AJW in
neighbor 103.158.98.149 route-map RADM-INP-ITB-AJW-OUT out
neighbor 114.5.179.149 activate
neighbor 114.5.179.149 soft-reconfiguration inbound
neighbor 114.5.179.149 route-map INP-TO-ITB-AJW in
neighbor 114.5.179.149 route-map INP-ITB-AJW-OUT out
neighbor 124.195.38.1 activate
neighbor 124.195.38.1 soft-reconfiguration inbound
neighbor 124.195.38.1 route-map INIX-TO-ITB-AJW in
neighbor 124.195.38.1 route-map INIX-PREPEND-ITB-AJW-OUT out
neighbor 124.195.39.1 activate
neighbor 124.195.39.1 soft-reconfiguration inbound
neighbor 124.195.39.1 route-map INIX-TO-ITB-AJW in
neighbor 124.195.39.1 route-map INIX-PREPEND-ITB-AJW-OUT out
exit-address-family
!
ip forward-protocol nd
no ip http server
no ip http secure-server
ip tftp source-interface GigabitEthernet0
ip route 0.0.0.0 0.0.0.0 103.158.98.145 50
ip route 10.200.0.0 255.255.0.0 10.200.0.2
ip route 198.51.101.0 255.255.255.0 10.200.0.2
ip tacacs source-interface Loopback1
!
ip ssh version 2
ip ssh client algorithm encryption aes256-cbc
!
!
ip prefix-list DEFAULT-ROUTE seq 5 permit 0.0.0.0/0
!
ip prefix-list DENY-ALL seq 5 deny 0.0.0.0/0 le 32
!
ip prefix-list ITB-AJW-ROUTE seq 10 permit 198.51.101.0/24
access-list 1 permit 167.205.23.29
access-list 1 permit 167.205.23.19
access-list 1 permit 167.205.1.247
!
!
route-map RADM-INP-ITB-AJW-OUT permit 10
match ip address prefix-list ITB-AJW-ROUTE
set as-path prepend 141125 141125 141125 141125
!
route-map INIX-PREPEND-ITB-AJW-OUT permit 10
match ip address prefix-list ITB-AJW-ROUTE
set as-path prepend 149176 149176
!
route-map RADM-INIX-TO-ITB-AJW permit 10
set local-preference 300
!
route-map INIX-TO-ITB-AJW permit 10
set local-preference 500
!
route-map RADM-INIX-PREPEND-ITB-AJW-OUT permit 10
match ip address prefix-list ITB-AJW-ROUTE
set as-path prepend 141125 141125 141125 141125 141125 141125
!
route-map INP-ITB-AJW-OUT permit 10
match ip address prefix-list ITB-AJW-ROUTE
!
route-map RADM-INP-TO-ITB-AJW permit 10
set local-preference 300
!
route-map INP-TO-ITB-AJW permit 10
match ip address prefix-list DEFAULT-ROUTE
set local-preference 500
!
snmp-server community clnet RW
tacacs-server host 167.205.23.19
tacacs-server host 167.205.23.29
tacacs-server directed-request
tacacs-server key 7 132E021C085D491E7F277C30606F42134E
tacacs server TACACS-SERVER
key 7 0138130A585A4B3B754F1A0A4C48460653
!
!
!
!
control-plane
!
!
!
!
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
access-class 1 in
password 7 15001E060521282D26340010
authorization commands 1 tac-itb
authorization commands 15 tac-itb
accounting commands 1 tac-itb
accounting commands 15 tac-itb
login authentication tac-itb
transport input telnet ssh
transport output telnet ssh
line vty 5 15
access-class 1 in
password 7 15001E060521282D26340010
authorization commands 1 tac-itb
authorization commands 15 tac-itb
accounting commands 1 tac-itb
accounting commands 15 tac-itb
login authentication tac-itb
transport input telnet ssh
transport output telnet ssh
!
ntp server 167.205.23.1
!
!
!
!
!
end
Border-ITB-AJW>sh ip bgp summary
BGP router identifier 198.51.101.0, local AS number 149176
BGP table version is 13008308, main routing table version 13008308
244737 network entries using 60694776 bytes of memory
1003490 path entries using 136474640 bytes of memory
83786/40946 BGP path/bestpath attribute entries using 23460080 bytes of memory
34697 BGP AS-PATH entries using 1963522 bytes of memory
4693 BGP community entries using 557664 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 223150682 total bytes of memory
501742 received paths for inbound soft reconfiguration
BGP activity 3111305/2866530 prefixes, 13309376/12305886 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
103.158.98.145 4 141125 20601 21622 13008308 0 0 2d09h 2
103.158.98.149 4 141125 29052 21622 13008308 0 0 2d09h 12739
114.5.179.149 4 4761 20012 21029 13008308 0 0 2d07h 1
124.195.38.1 4 17922 272442 15599 13008308 0 0 1d17h 244500
124.195.39.1 4 17922 262838 15609 13008308 0 0 1d17h 244500
Border-ITB-AJW>sh ip bgp neighbors 103.158.98.149 advertised-routes
BGP table version is 13008363, local router ID is 198.51.101.0
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 198.51.101.0 10.200.0.2 0 32768 i
Total number of prefixes 1
Border-ITB-AJW>sh ip bgp neighbors 103.158.98.145 advertised-routes
BGP table version is 13008339, local router ID is 198.51.101.0
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 198.51.101.0 10.200.0.2 0 32768 i
Total number of prefixes 1
Border-ITB-AJW>sh ip bgp neighbors 114.5.179.149 advertised-routes
BGP table version is 13008363, local router ID is 198.51.101.0
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 198.51.101.0 10.200.0.2 0 32768 i
Total number of prefixes 1
Border-ITB-AJW>sh ip bgp neighbors 124.195.38.1 advertised-routes
BGP table version is 13008374, local router ID is 198.51.101.0
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 198.51.101.0 10.200.0.2 0 32768 i
Total number of prefixes 1
Thanks in advance!
10-24-2022 04:30 PM - last edited on 10-27-2022 10:30 PM by Translator
FW-BorderRouter-ISP
The FW redistributes the connected, that's why the BorderRouter has this prefix with next-hop the FW.
If you want to see this prefix in BorderRouter with next-hop 0.0.0.0 (meaning it is the origin of this prefix), then you need to redistribute the connected in BorderRouter, not in FW.
10-23-2022 12:00 PM
Your question is not clear; please elaborate more.
10-23-2022 06:28 PM
Hi, sorry if my question is not clear.
For example, shouldn't the advertised routes be like this, since 103.158.98.146 is the P2P IP with AS 141125 (IP 103.158.98.145)?
Border-ITB-AJW>sh ip bgp neighbors 103.158.98.145 advertised-routes
Network Next Hop Metric LocPrf Weight Path
*> 198.51.101.0 103.158.98.146 0 32768 i
10-23-2022 01:55 PM - last edited on 10-27-2022 10:37 PM by Translator
Hello
Looking at your OP, the loopback address isn't a routable address (typo?); it should be a host address /32. Also, in BGP you are presently advertising a classful subnet /24, but it should be a host network statement.
Lastly, the ONLY BGP peering being allowed to advertise all networks (inc. loopback), which is not subject to any prefix-list/route-map, is 114.5.179.149.
Try changing the loopback address and re-advertising it correctly.
route-map RADM-INP-TO-ITB-AJW permit 10
set local-preference 300
interface Loopback1
ip address 198.51.101.1 255.255.255.255
router bgp 149176
network 198.51.101.1 mask 255.255.255.255
neighbor 114.5.179.149 route-map INP-ITB-AJW-OUT out
clear ip bgp * soft
10-23-2022 06:11 PM
Hi Paul,
my loopback address is 198.51.101.0 255.255.255.255.
10-24-2022 03:45 PM - last edited on 10-27-2022 10:37 PM by Translator
Hello
Yes, my mistake, it's already a host address, so as such it's fine; however, you still need to advertise it correctly within BGP:
router bgp 149176
no network 198.51.101.0
network 198.51.101.0 mask 255.255.255.255
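Added example (not part of any post in this thread, and not Cisco code): a small Python model of how IOS picks what to originate and advertise, run over values copied from the configuration posted above. It covers both the posted `network 198.51.101.0` statement and the `/32` statement suggested in the replies. Assumptions: a `network` statement needs an exact match in the routing table, a statement without `mask` uses the classful mask, and each outbound route-map has one permit clause matching `ITB-AJW-ROUTE`. `redistribute static` is not modelled, and all function and variable names are illustrative.

```python
import ipaddress

# Constructed input: values copied from the configuration posted in the thread.
CONNECTED = ["198.51.101.0/255.255.255.255", "114.5.179.150/255.255.255.252",
             "124.195.39.226/255.255.254.0", "103.158.98.150/255.255.255.252",
             "103.158.98.146/255.255.255.252", "10.200.0.1/255.255.255.252"]
STATIC = {"0.0.0.0/0.0.0.0": "103.158.98.145",
          "10.200.0.0/255.255.0.0": "10.200.0.2",
          "198.51.101.0/255.255.255.0": "10.200.0.2"}
NETWORK_STMTS = [("103.158.98.144", "255.255.255.252"),
                 ("103.158.98.148", "255.255.255.252"),
                 ("114.5.179.148", "255.255.255.252"),
                 ("124.195.38.0", "255.255.254.0"),
                 ("198.51.101.0", None)]           # posted without "mask"
ITB_AJW_ROUTE = [("permit", "198.51.101.0/24")]    # prefix-list entry, no ge/le
# The /32 statement suggested in the replies, replacing the last entry above.
HOST_STMTS = NETWORK_STMTS[:4] + [("198.51.101.0", "255.255.255.255")]


def classful_mask(addr):
    """Mask assumed for a `network` statement that has no `mask` keyword."""
    first = int(addr.split(".")[0])
    if first < 128:
        return "255.0.0.0"
    return "255.255.0.0" if first < 192 else "255.255.255.0"


def build_rib():
    """Connected and static routes: prefix -> next hop (0.0.0.0 = local)."""
    rib = {ipaddress.ip_interface(c).network: "0.0.0.0" for c in CONNECTED}
    for prefix, next_hop in STATIC.items():
        rib[ipaddress.ip_network(prefix)] = next_hop
    return rib


def bgp_table(network_stmts, rib):
    """A network statement originates a prefix only on an exact RIB match."""
    table = {}
    for addr, mask in network_stmts:
        prefix = ipaddress.ip_network(f"{addr}/{mask or classful_mask(addr)}")
        if prefix in rib:
            table[str(prefix)] = rib[prefix]
    return table


def advertised(table, prefix_list):
    """Apply an outbound route-map with a single permit clause on prefix_list;
    every prefix that is not an exact match falls to the implicit deny."""
    permitted = {ipaddress.ip_network(p) for act, p in prefix_list if act == "permit"}
    return {p: nh for p, nh in table.items() if ipaddress.ip_network(p) in permitted}


if __name__ == "__main__":
    rib = build_rib()
    for label, stmts in (("as posted", NETWORK_STMTS), ("with /32", HOST_STMTS)):
        table = bgp_table(stmts, rib)
        print(label, "| BGP table:", table)
        print(label, "| advertised:", advertised(table, ITB_AJW_ROUTE))
```

In this model the posted configuration originates 198.51.101.0/24 from the static route via 10.200.0.2, and the point-to-point prefixes enter the BGP table but are dropped by the outbound prefix-list; with the `/32` statement the loopback is originated locally but no longer matches `ITB-AJW-ROUTE`.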